package demo.JDBC;

import java.sql.*;

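/**
 * JDBC demo: looks up rows in {@code tset} by name and prints them.
 *
 * <p>The lookup value is the classic tautology input {@code ss ' or '1'='1}. When such a
 * value is concatenated into the SQL text, the quote inside it closes the string literal
 * and the trailing {@code or '1'='1'} makes the WHERE clause always true, so every row is
 * returned. Here the value is bound through a {@link PreparedStatement} placeholder, so
 * the driver treats it purely as data and the query only matches a row whose name is
 * literally that string.
 */
public class Demo02 {
    /**
     * Connects to the local demo database, runs the parameterized lookup and prints each row.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting or querying fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // 1. Register the driver (optional with JDBC 4+ drivers, which self-register).
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): hard-coded root credentials are acceptable only for a throwaway local
        // demo database. Real code should load them from configuration or a secret store and
        // connect as an account limited to the privileges the query needs.
        String url = "jdbc:mysql://127.0.0.1:3306/db1";
        String username = "root";
        String password = "123456";

        // 3. The "user-supplied" value. It is kept as the injection-style sample on purpose:
        // once bound as a parameter it is harmless. Use "ss" instead for a benign lookup.
        String testGetAll = "ss ' or '1'='1";

        // The SQL text is a constant; the value travels separately through the placeholder.
        String sql = "SELECT * FROM tset where name = ?";

        // try-with-resources closes the statement and connection even if the query throws,
        // which the manual close() calls at the end of a method cannot guarantee.
        try (Connection connection = DriverManager.getConnection(url, username, password);
             PreparedStatement statement = connection.prepareStatement(sql)) {

            // 4. Bind the value; the driver handles quoting and escaping.
            statement.setString(1, testGetAll);

            // 5. Execute and print each row (columns are read by position: id, name, money).
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    int id = resultSet.getInt(1);
                    String string = resultSet.getString(2);
                    int money = resultSet.getInt(3);

                    System.out.println(id + "  " + string + "  " + money);
                }
            }
        }
        // 6. Resources are released by the try-with-resources blocks above.
    }
}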
